oss-sec mailing list archives
Re: CVE Request: Linux kernel execution in the early microcode loader.
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 18 Mar 2015 13:44:20 +0100
On 03/18/2015 01:25 PM, Quentin Casasnovas wrote:
> The attack vector could be from anyone between Intel and people shipping/packaging the microcode, or could potentially be used to get a resilient backdoor on a system already compromised by sticking a tampered microcode on the initrd. It would also allow root to get kernel execution by recreating the initrd. I admit these are overly paranoid scenarios, but I _think_ there's still a privilege crossing from root to kernel exec which could make sense on certain security models.
Yes, Secure Boot separates root privileges from code execution in ring 0 (according to some interpretations of Secure Boot, in practice, signatures on binaries allowing ring 0 code execution are not revoked, so this new vulnerability does not alter the general picture).

--
Florian Weimer / Red Hat Product Security